Details about the known misuse from the MUBench dataset.
Description: | The usage iterates over a data stream to encrypt all values fetched from it. During the iteration, the same Cipher instance is reused for the encryption tasks, which is fine, but it is also reinitialized in each iteration. Cipher does not support reinitialization and, hence, this may lead to erroneous encryption. |
Fix Description: | The init() call should happen before the loop. |
Violation Types: |
|
In File: | mubench/examples/jca/ReinitializingCipher.java |
In Method: | misuse(BufferedReader, Key) |
Code with Misuse: |
import java.io.*;
import java.security.*;
import java.util.List;
import javax.crypto.*;

class ReinitializingCipher {
    List<byte[]> misuse(BufferedReader dataStream, Key key) throws NoSuchPaddingException, NoSuchAlgorithmException, IOException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        String line;
        List<byte[]> encryptedData = new java.util.ArrayList<byte[]>();
        while ((line = dataStream.readLine()) != null) {
            // Misuse: the Cipher is reinitialized in every iteration.
            cipher.init(Cipher.ENCRYPT_MODE, key);
            encryptedData.add(cipher.doFinal(line.getBytes("utf-8")));
        }
        return encryptedData;
    }
}
|
Code with Pattern(s): |
import java.io.*;
import java.security.*;
import java.util.List;
import javax.crypto.*;

public class ReuseCipher {
    List<byte[]> misuse(BufferedReader dataStream, Key key) throws NoSuchPaddingException, NoSuchAlgorithmException, IOException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
        // Pattern: init() is called once, before the loop.
        cipher.init(Cipher.ENCRYPT_MODE, key);
        String line;
        List<byte[]> encryptedData = new java.util.ArrayList<byte[]>();
        while ((line = dataStream.readLine()) != null) {
            encryptedData.add(cipher.doFinal(line.getBytes("utf-8")));
        }
        return encryptedData;
    }
}
|